In this article we explore the resistance of the GOST 28147-89 algorithm (commonly referred to as GOST) to differential cryptanalysis. GOST is used as a national standard in the Russian Federation, and it uses variable substitution boxes (S-boxes). It is commonly believed that any choice of S-boxes for the 32-round GOST encryption algorithm provides a sufficient degree of resistance against attacks based on techniques such as linear and differential cryptanalysis. Our research shows that there are a number of S-boxes with weak properties with respect to differential cryptanalysis. Using such S-boxes in GOST yields characteristics with a fairly high probability, which can be used to carry out attacks. For example, if the same weak substitution block is used, the probability of a characteristic for the 32 rounds of GOST can reach 2^-25, which makes it relatively easy to obtain a right pair of texts for analysis. To illustrate the correctness of our assumptions, we carried out an attack against 12 rounds of the GOST algorithm, which allows us to obtain the first-round subkey within minutes.
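The check behind "weak with respect to differential cryptanalysis" can be run on any candidate set of 4-bit GOST S-boxes before deployment. The following is an added example, not code from the paper: both S-boxes are constructed for illustration (neither is taken from the article), and the function names and the threshold of 4 (the best value a 4-bit permutation can achieve) are assumptions of this sketch.

```python
from itertools import product

def ddt(sbox):
    """Difference distribution table: t[din][dout] = #x with S(x)^S(x^din) == dout."""
    if sorted(sbox) != list(range(16)):
        raise ValueError("a GOST S-box must be a permutation of 0..15")
    t = [[0] * 16 for _ in range(16)]
    for x, din in product(range(16), repeat=2):
        t[din][sbox[x] ^ sbox[x ^ din]] += 1
    return t

def worst_differential(sbox):
    """(count, din, dout) of the most likely differential with nonzero input difference."""
    t = ddt(sbox)
    return max((t[a][b], a, b) for a in range(1, 16) for b in range(16))

def gf16_mul(a, b):
    """Multiply in GF(2^4) modulo x^4 + x + 1."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r

def gf16_inverse_sbox():
    """x -> x^14 (= x^-1, with 0 -> 0): a constructed S-box with worst count 4."""
    def power(x, e):
        r = 1
        for _ in range(e):
            r = gf16_mul(r, x)
        return r
    return [power(x, 14) for x in range(16)]

def audit(sboxes, limit=4):
    """Indices of S-boxes whose worst differential count (out of 16) exceeds limit."""
    return [i for i, s in enumerate(sboxes) if worst_differential(s)[0] > limit]

# Constructed weak S-box: adding 1 mod 16 passes the difference 8 -> 8 for every input.
WEAK = [(x + 1) % 16 for x in range(16)]
STRONG = gf16_inverse_sbox()

if __name__ == "__main__":
    for name, s in (("weak", WEAK), ("strong", STRONG)):
        count, din, dout = worst_differential(s)
        print(f"{name}: {din:#x} -> {dout:#x} holds with probability {count}/16")
    print("flagged S-box positions:", audit([WEAK, STRONG] * 4))
```

A per-S-box probability near 1 is what lets a multi-round characteristic keep a usable probability; a set that passes this check is not thereby proven secure, since the table covers single S-boxes only.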